ipfw, pipes, queues, weights and managing an Internet connection
Mark Martinec
Mark.Martinec at ijs.si
Tue Jun 12 23:52:26 UTC 2007
Lubomir,
> ...could you please comment it a little because I'm
> relatively new to ipfw+dummynet and some of the lines seem *really* strange
> to me... I'm talking about the - iptos,proto,tcpflags, lowdelay and iplen
> commands.
Should be documented in the man page. Some comments are due anyway:
> > add 65001 queue 13 out iptos lowdelay iplen 0-250 xmit IF_EXT
The 'iptos lowdelay' short packets should cover protocols
like NTP or VoIP.
> > add 65002 queue 13 out proto udp src-port 12334 xmit IF_EXT
Port 12334 is my Skype magic port.
> > add 65003 queue 13 out proto udp iplen 0-250 xmit IF_EXT
Remaining short UPD packets, like DNS query/replies etc.
> > add 65004 queue 12 out proto udp xmit IF_EXT
> > add 65005 queue 12 out proto icmp xmit IF_EXT
I like pings to be responsive.
> > add 65006 queue 12 out proto tcp tcpflags ack iplen 0-80 xmit IF_EXT
ACK-only packets should have priority, otherwise traffic
in reverse direction is unnecessarily slowed down by traffic
in forward direction (and the other way around).
> > add 65007 queue 11 out proto tcp iplen 0-300 xmit IF_EXT
Interactive typing (remote emacs, console, ...)
> > add 65008 queue 11 out proto tcp src-port 80,88 xmit IF_EXT
Replies from my web server.
> > add 65009 queue 10 out proto tcp dst-port rsync xmit IF_EXT
Backup has the lowest priority.
> Just one question - you're saying that it is possible to shape /delay,
> drop etc./ the packets so quickly so that when a pipe is fully utilized
> someone hits a queue with a higher weight /for example port 80 would be
> prioritized over p2p traffic/ it would be like as if the pipe was not used
> at all?
So it appears to me. Running Skype along with reading mail and
running a nightly backup works fine.
Mark
More information about the freebsd-ipfw
mailing list